summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-10-30 05:21:16 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-10-30 05:21:16 +0000
commit15741d2fe4bafee9100feca2bbf3c133421a2e88 (patch)
tree72aee2a1d542bd78322d19010e374b415b137dd2
parent160950ae0ec718a4d6ef9932ae2ff175fc8ebbd6 (diff)
downloadsamba-15741d2fe4bafee9100feca2bbf3c133421a2e88.tar.gz
samba-15741d2fe4bafee9100feca2bbf3c133421a2e88.tar.bz2
samba-15741d2fe4bafee9100feca2bbf3c133421a2e88.zip
Fix up smbpasswd -e/-d so that it doesn't change the password under you any
more. (Previously it set them to 'XXXX' or similar when only the flags were being changed - a bug I must have introduced when I reworked the passdb end of things a few weeks back.) Adds a new local flag: LOCAL_SET_PASSWORD to specify that the password is actually to be changed. Andrew Bartlett (This used to be commit cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c)
-rw-r--r--source3/include/smb.h1
-rw-r--r--source3/pam_smbpass/pam_smb_auth.c4
-rw-r--r--source3/pam_smbpass/pam_smb_passwd.c2
-rw-r--r--source3/passdb/passdb.c21
-rw-r--r--source3/utils/smbpasswd.c24
5 files changed, 18 insertions, 34 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 16f90d0333..dea5bb66df 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -621,6 +621,7 @@ typedef struct sam_passwd
#define LOCAL_ENABLE_USER 0x8
#define LOCAL_TRUST_ACCOUNT 0x10
#define LOCAL_SET_NO_PASSWORD 0x20
+#define LOCAL_SET_PASSWORD 0x40
/* key and data in the connections database - used in smbstatus and smbd */
struct connections_key {
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index 3126bebb34..8279915077 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -187,7 +187,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
/* Add the user to the db if they aren't already there. */
if (smb_pwent == NULL) {
- retval = local_password_change( name, LOCAL_ADD_USER,
+ retval = local_password_change( name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
pass, err_str,
sizeof(err_str),
msg_str, sizeof(msg_str) );
@@ -209,7 +209,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
/* Change the user's password IFF it's null. */
if (smb_pwent->smb_passwd == NULL && (smb_pwent->acct_ctrl & ACB_PWNOTREQ))
{
- retval = local_password_change( name, 0,
+ retval = local_password_change( name, LOCAL_SET_PASSWORD,
pass, err_str,
sizeof(err_str),
msg_str, sizeof(msg_str) );
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index 3a987684f1..9d0b13d6ce 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -44,7 +44,7 @@ int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user
err_str[0] = '\0';
msg_str[0] = '\0';
- retval = local_password_change( user, 0, pass_new, err_str, sizeof(err_str),
+ retval = local_password_change( user, LOCAL_SET_PASSWORD, pass_new, err_str, sizeof(err_str),
msg_str, sizeof(msg_str) );
if (!retval) {
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index c58afc1f89..6a96426a9f 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -919,13 +919,6 @@ account without a valid local system user.\n", user_name);
return False;
}
} else if (local_flags & LOCAL_ENABLE_USER) {
- if (pdb_get_lanman_passwd(sam_pass) == NULL) {
- if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) {
- slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name);
- pdb_free_sam(&sam_pass);
- return False;
- }
- }
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
@@ -939,19 +932,7 @@ account without a valid local system user.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
-
- /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
- if (!pdb_set_lanman_passwd (sam_pass, NULL)) {
- slprintf(err_str, err_str_len-1, "Failed to set NULL lanman password for user %s.\n", user_name);
- pdb_free_sam(&sam_pass);
- return False;
- }
- if (!pdb_set_nt_passwd (sam_pass, NULL)) {
- slprintf(err_str, err_str_len-1, "Failed to set NULL NT password for user %s.\n", user_name);
- pdb_free_sam(&sam_pass);
- return False;
- }
- } else {
+ } else if (local_flags & LOCAL_SET_PASSWORD) {
/*
* If we're dealing with setting a completely empty user account
* ie. One with a password of 'XXXX', but not set disabled (like
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index c5aafeb723..6a330812e1 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -536,7 +536,7 @@ static int process_root(int argc, char *argv[])
struct passwd *pwd;
int result = 0, ch;
BOOL joining_domain = False, got_pass = False, got_username = False;
- int local_flags = 0;
+ int local_flags = LOCAL_SET_PASSWORD;
BOOL stdin_passwd_get = False;
fstring user_name, user_password;
char *new_domain = NULL;
@@ -559,21 +559,22 @@ static int process_root(int argc, char *argv[])
break;
case 'x':
local_flags |= LOCAL_DELETE_USER;
- new_passwd = xstrdup("XXXXXX");
+ local_flags &= ~LOCAL_SET_PASSWORD;
break;
case 'd':
local_flags |= LOCAL_DISABLE_USER;
- new_passwd = xstrdup("XXXXXX");
+ local_flags &= ~LOCAL_SET_PASSWORD;
break;
case 'e':
local_flags |= LOCAL_ENABLE_USER;
+ local_flags &= ~LOCAL_SET_PASSWORD;
break;
case 'm':
local_flags |= LOCAL_TRUST_ACCOUNT;
break;
case 'n':
local_flags |= LOCAL_SET_NO_PASSWORD;
- new_passwd = xstrdup("NO PASSWORD");
+ local_flags &= ~LOCAL_SET_PASSWORD;
break;
case 'j':
new_domain = optarg;
@@ -733,7 +734,7 @@ static int process_root(int argc, char *argv[])
old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
}
- if (!new_passwd) {
+ if (!(local_flags & LOCAL_SET_PASSWORD)) {
/*
* If we are trying to enable a user, first we need to find out
@@ -750,15 +751,16 @@ static int process_root(int argc, char *argv[])
pdb_init_sam(&sampass);
ret = pdb_getsampwnam(sampass, user_name);
- if((sampass != False) && (pdb_get_lanman_passwd(sampass) != NULL)) {
- new_passwd = xstrdup("XXXX"); /* Don't care. */
+ if((sampass != False) && (pdb_get_lanman_passwd(sampass) == NULL)) {
+ local_flags |= LOCAL_SET_PASSWORD;
}
pdb_free_sam(&sampass);
}
+ }
- if(!new_passwd)
- new_passwd = prompt_for_new_password(stdin_passwd_get);
-
+ if(local_flags & LOCAL_SET_PASSWORD) {
+ new_passwd = prompt_for_new_password(stdin_passwd_get);
+
if(!new_passwd) {
fprintf(stderr, "Unable to get new password.\n");
exit(1);
@@ -771,7 +773,7 @@ static int process_root(int argc, char *argv[])
goto done;
}
- if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD))) {
+ if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) {
SAM_ACCOUNT *sampass = NULL;
BOOL ret;